[33388] in bugtraq
RE: MS to stop allowing passwords in URLs
daemon@ATHENA.MIT.EDU (Francis Favorini)
Wed Feb 4 04:08:45 2004
Message-ID: <E525222439A3D111B5F600609712CBEDA24D27@mail.biac.duke.edu>
From: Francis Favorini <francis.favorini@duke.edu>
To: bugtraq@securityfocus.com
Date: Tue, 3 Feb 2004 13:24:09 -0500
MIME-Version: 1.0
Content-Type: text/plain
Vinny Abello [mailto:vinny@tellurian.com] wrote...
> Interestingly, I've already found that this patch doesn't fix
> this problem when using IE as an object in VB6.
From the KB article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;834489
"After you install the 832894 security update, you can set registry values
to use this new behavior in other programs that host the Web browser control
or to disable this new behavior for Windows Explorer and Internet Explorer."
The specifics of the registry values are also documented therein.
-FF
